WordPress.org

Make WordPress Core

Opened 21 months ago

Last modified 14 months ago

#26474 new enhancement

Add Filter to Username/Password Fields on Login Form?

Reported by: cgrymala Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.8
Component: Login and Registration Keywords: dev-feedback 2nd-opinion
Focuses: Cc:

Description

As a state institution, we are required to remain PCI-compliant. One of the areas we've been dinged in scans in the past, albeit an area that they consider "low risk", is the fact that the username and password fields allow autocomplete.

I understand that it's probably not preferable for everyone using WordPress to have autocomplete turned off on those fields, but it would be nice if it was simple to at least filter those fields to turn it off (or, at the very least, add that as one of the "args" that are used when the form is built).

This should obviously be used both in wp-login.php and in the wp_login_form function within wp-includes/general-template.php

I'm happy to work up a patch for this if this is something that might be supported. Thanks.

Change History (4)

comment:1 @TobiasBg21 months ago

#26579 was marked as a duplicate.

comment:2 @kitchin21 months ago

  • Cc kitchin@… added

comment:3 @stewarty15 months ago

Ideally, would be great to add other parameters as well. I just had to add placeholder="" to both fields.

A work around is to return the string rather than echo the form where your using it and then str_replace the HTML as needed.

Stewart

comment:4 in reply to: ↑ description @jphase14 months ago

  • Component changed from General to Login and Registration
  • Keywords dev-feedback 2nd-opinion added

Replying to cgrymala:

As a state institution, we are required to remain PCI-compliant. One of the areas we've been dinged in scans in the past, albeit an area that they consider "low risk", is the fact that the username and password fields allow autocomplete.

I understand that it's probably not preferable for everyone using WordPress to have autocomplete turned off on those fields, but it would be nice if it was simple to at least filter those fields to turn it off (or, at the very least, add that as one of the "args" that are used when the form is built).

This should obviously be used both in wp-login.php and in the wp_login_form function within wp-includes/general-template.php

I'm happy to work up a patch for this if this is something that might be supported. Thanks.

It would be great to have an additional filter for the login form as well so we wouldn't have to use output buffers and regex to make customizations. I'd be happy to help with this if needed as well.

Note: See TracTickets for help on using tickets.